mirror of
https://github.com/openshift/openshift-docs.git
synced 2026-02-05 21:46:22 +01:00
13 lines
860 B
Plaintext
13 lines
860 B
Plaintext
// Module included in the following assemblies:
|
|
//
|
|
// * virt/virt-additional-security-privileges-controller-and-launcher.adoc
|
|
|
|
:_content-type: CONCEPT
|
|
[id="virt-about-workload-security_{context}"]
|
|
= About workload security
|
|
|
|
By default, virtual machine (VM) workloads do not run with root privileges in {VirtProductName}.
|
|
|
|
For each VM, a `virt-launcher` pod runs an instance of `libvirt` in _session mode_ to manage the VM process. In session mode, the `libvirt` daemon runs as a non-root user account and only permits connections from clients that are running under the same user identifier (UID). Therefore, VMs run as unprivileged pods, adhering to the security principle of least privilege.
|
|
|
|
There are no supported {VirtProductName} features that require root privileges. If a feature requires root, it might not be supported for use with {VirtProductName}. |